The following is the text of the Keynote speech delivered at the GigArts 2024 conference, The Hague, Netherlands, June 4, 2024. 

We now have almost 30 years of experience with so-called multistakeholder governance. Sometimes it’s called the multistakeholder model. Sometimes it’s the “multistakeholder approach.” Sometimes, it’s an “ism,” like communism or liberalism or impressionism. It’s a good time to reflect on what it all means. Is multistakeholder just a catchword, or is it a meaningful and important structural shift in governance models. Is it something that we should preserve and protect? Is it something that we should expand?  Is it something we should get rid of?

Those questions need to be placed in historical context. We need to look at where the word or concept originated and how it was used in Internet governance debates.

I have just finished a book that recounts an important part of that story. It focuses on ICANN and its relationship to the U.S. government. ICANN was an attempt to institutionalize a radical change in the role of state actors in transnational governance. My book analyzes ICANN’s evolution and its ties the U.S. government. It explains why the US government let go of that control, in a seeming victory for that new governance model. I talk about ICANN because its governance form is what came to be known as the multistakeholder model and as an organization it is one the most steadfast promoters of the multistakeholder approach.

In the story I told, NetMundial in 2014 plays a pivotal role. It was the peak of the multistakeholder movement. Recently, our friends in Brazil organized an event commemorating the 10th anniversary of that event. They described their goal as “furthering [the] evolution and implementation of the multistakeholder approach.” I and other veterans of that time didn’t know how they planned to do that, but we wished them well.

I don’t think I will shock anyone if I say that NM+10 was a disappointment. The level of mobilization, of positive energy, did not come remotely close to the spirit of that historic and exciting gathering in 2014. Furthermore, the prospects of furthering the evolution and implementation of that approach in the current political climate look bleak. Today, the challenges to and departures from the so-called model are not just happening in authoritarian countries, but in Europe and the United States. The U.S. Federal Communications Commission, for example, is asserting authority over BGP routing, and the European Commission is increasingly interested in regulating DNS.

So why was NM+10 a flop? I am going to organize my keynote around that explanation. Let’s begin by looking back at the conditions that led to the first NETMundial.

Competing governance models

The first NetMundial was the crescendo of 10 years of struggle over who would be responsible for global governance of the Internet. Two competing and largely incompatible models were in play. One gave primacy to sovereignty and national governments. A different model came from the nascent transnational community of Internet developers, users, providers and rights advocates. They wanted to rely on new institutions formed around the Internet itself. These institutions would not be organized around nation-states. The organizational vehicles of this Internet community would be private sector nonprofits open to public participation. That model had its roots in the Internet technical community, which organized itself around what became the IETF. The Internet technical community and the U.S. government then pursued a policy of privatizing the governance of the IANA functions. The formation of the RIRs and of ICANN after 1996 were the leading expressions of this tendency. We now call them the I* institutions.

Now I am going to proceed to break the heart of the advocates of a “multistakeholder model.” I am going to point out that the term multistakeholder was never used during the formation of any of these I* institutions. The word cannot be found in any IETF RFC, not even in discussion lists before 2015. In fact, the IETF took a thoroughly individualist approach to standards development. Participants did not represent organizations, much less, “stakeholder groups;” they represented themselves. Their ideas were supposed to succeed or fail based on their merit. The RIRs were outgrowths of the same technical community, global in outlook, and organized as private sector nonprofits. During the founding of ICANN, or the creation of the RIRs, the word “multistakeholder” was never used. The word “privatization” often was.

Multistakeholder? Or Private sector-led?

Insofar as there was a new governance model for the Internet, it was the one put forward in the Clinton administration’s 1997 Framework for Global Electronic Commerce. The Framework rejected top-down governmental regulation and proposed a globalist, bottom-up path for the governance of the Internet. It relied on private law and private contracting in a transnational space. Regarding the domain name system, the Clinton Framework provided the governance architecture for what became ICANN. ICANN would institutionalize the IANA functions by allowing a “global Internet community” to govern itself by forming its own policy making institution. It would exercise authority through private contracts emanating from a California nonprofit. This institution would not govern anything and everything related to the internet, only the critical coordination functions associated with globally unique Internet identifiers and standards.

Though limited in scope, ICANN was indeed a radical institutional innovation – so radical, and so unfamiliar, in fact, that it took 13 years of internal turmoil before it found stability. Indeed, the early years were so rocky that in 2002 the second President of ICANN, Stuart Lynn, was ready to throw in the towel. He called the experiment a failure and asked to be rescued – by governments.

But that didn’t happen. The new institutional model had so much support that the community doggedly stuck to it, while making some changes. Some for the better, some for the worse.

The World Summit on the Information Society

Just as ICANN stumbled forward from Stuart Lynn’s loss of nerve, a multilateral counterattack against it and its governance model began: the World Summit on the Information Society. In WSIS, states challenged the legitimacy of ICANN. They asserted that governments, as sovereigns, had the exclusive right to make public policy for the Internet, implying that ICANN should not. WSIS also revolted against unilateral US control of ICANN, which was, in truth, a massive deviation from the intended model.

At WSIS, two worlds collided. There was a mutual sense of non-recognition and threat on both sides.

The world’s governments were shocked at the very existence of an autonomous Internet community. Why is a California nonprofit, which seemed to be run by anyone who showed up, making global Internet policy? They also resented the preeminence of the United States in the whole scheme. It was a clear departure from the principle of sovereign equality.

For its part, the Internet community was shocked, too. The Internet protocols didn’t recognize nation-states. Hadn’t the internet succeeded as a fully interoperable, free communications infrastructure precisely because governments had left it alone? Why were countries that were manifestly hostile to the open Internet, like China, Saudi Arabia and Russia, demanding a role in the management of critical internet resources?

This was the time, from 2002 to 2005, that the Internet community embraced the word “multistakeholder” as the label for its governance model. It happened during – and because of – WSIS. The term multistakeholder, as far as I can tell, was not organic to the internet community but came from UN Summits in the 1990s as they opened the door to participation by civil society actors. During WSIS, multistakeholder provided a rhetoric of justification that appealed to the governments and NGOs participating in and mobilized around the United Nations. The UN partially bought in to the idea: it established a multistakeholder working group that came up with a definition of IG that appeared to lend official support to the so-called multistakeholder model. It even formed an IGF, where states, civil society and business would interact on equal terms, all under the banner of multistakeholder.

So multistakeholder won, right? No. The battle of governance models was not over. The WSIS definition of IG reflected a serious compromise. It privileged states over the private sector and civil society in Internet governance. It assigned each stakeholder group separate “roles” – with states, as sovereigns, having a superior role with exclusive authority over “public policy for the internet.”

In retrospect, the enthusiastic reception the Internet community gave to the WGIG definition was a serious weakening of its autonomy. Although the official line was to deny it, in the Internet institutions non-state actors were, in fact, making public policy for internet identifiers, and governments were reduced to the role of another stakeholder. Governments were in a uniquely non-supreme position when it came to DNS and IP address policy – they were Advisors to a private corporation. But the multistakeholder label helped to obscure this fact. Everyone was a stakeholder, right?

So in practice, the verbal compromises of WSIS did not end the structural conflict between governance models. The battle between state-led and civil society-led governance authority over Internet registries continued to fester for the next 10 years. Many states, and not just the authoritarian ones, did not believe that the global Internet community should govern itself. At the same time, the community saw its self-governance institutions as constantly threatened by the UN and the ITU.

Catalysts of change

Two critical incidents brought matters to a head. One was the conflict over new International Telecommunication Regulations (ITRs) at the end of 2012. The other was the Snowden revelations in June 2013. Both incidents made us rethink the role of states – and the role of the United States – in Internet governance. Snowden exposed the U.S. intelligence apparatus’s power over the shared global infrastructure and private sector platforms. The conflicts over the ITRs, on the other hand, forced the US government to resist any expansion of state power over Internet governance. In doing so, the USA was forced to confront the blatant contradiction between its resistance to governmental control of the Internet in the ITU and UN, and its role as the IANA contracting authority, supervisor of ICANN, controller of the DNS root zone file, and locus of mass state surveillance.

Early in 2014, the U.S. Department of Commerce responded to the contradiction brilliantly. It announced that it would set ICANN free. It would finally make it an independent governance institution, delegating power over the IANA to “the global Internet community.”

Why NETMundial Mattered

Now we are in a better position to appreciate the original NetMundial meeting in April 2014. It happened at the conjunction of these three events: the Snowden revelations, the battle over the ITRs, and the announcement of the IANA transition. These all made the global IG community ready and willing to cooperate and act. NetMundial 2014 was the peak period of Internet community mobilization as independent, non-state actors.

At that gathering in Sao Paulo, we challenged indiscriminate mass surveillance of the Internet by states. We discussed ways to make ICANN independent and accountable. We tried to develop consensus principles for Internet governance.

It was a convening that succeeded in attracting representatives of most states to a forum where they had truly equal status with business and civil society. Even better, this multi-stakeholder, multi-state environment was not held under the auspices of the UN, the ITU, or any formal intergovernmental treaty organization. It came, instead from an ad hoc partnership between the Brazilian country code top level domain operator, the CEO of ICANN, and the President of a leading Global South country, Dilma Rousseff of Brazil.

It was, as I say in the book, “Peak Multi-stakeholderism.”

The reform of ICANN and its liberation from the US in the following two years were watersheds in the history of Internet governance. It validated global governance by non-state actors. It showed that the dream of community self-governance in a small but important sector of the Internet was achievable. It managed to overcome intense resistance from American nationalists like Ted Cruz and Donald Trump. Like all real institutions, the ICANN regime has its ugly and inefficient aspects, but all the known alternatives seem worse.

So why was NM+10 such a disappointment?

The Empty Label

After thinking about it for a long time, I concluded that its failure is attributable to the emptiness of the multistakeholder label itself. NM+10 anchored its objective in promoting “the multistakeholder approach.” But what is that? Multistakeholder does not describe a governance model. It never has. It was always a compromised Public Relations concept, one that muddied the distinction between governance models. It was a way of softening the sharp departure from state sovereignty. It made it possible to avoid telling states that yes, we really are trying to reduce your power and devolve it to a bottom-up process in which you do not have a privileged position.

Multistakeholder gets a lot of traction from its vague invocation of participation and openness. In effect, it’s a longer, uglier word for pluralism. And yes, more open participation is generally a good thing. And yet, despite how many “stakeholders” participate, in the end the real question is: who decides? And how do they decide? Any organization or process can claim to be multistakeholder now. Just invite lots of people to your party. But are you merely consulting with those people, or are you actually defining an institutional structure which formally and fairly shares decision making authority with other stakeholders? The label seems designed to avoid those questions. Thus, it obscures the most important feature of the Internet’s distinctive governance model, namely, its delegation of authority to non-state actors and the formation of new institutions not based on national sovereignty. At the core of what we mistakenly call multistakeholder was a break from a governance regime rooted in states. We need to be clear about that. And if we’re not the multistakeholder label stands for nothing.

What we have been fighting for all these years was not just “more participation,” or more diverse stakeholders. We fought for the power to govern ourselves, and to hold our own governance institutions accountable. On the internet, “governing ourselves” meant acting as a transnational community with direct authority over a defined governance problem, not as citizens subordinate to, and imperfectly represented by, a single national government.

Self-governance

Self-governance. The term raises all kinds of questions about who this collective self is, what is governed, and how much authority is delegated by individuals to the institution. The problem with the “multistakeholder” label is that it makes it more difficult for us to answer those questions. Just saying, “everyone should be involved, everyone should be heard,” ignores the fact that conflicts of interest, different ideologies and different values permeate global society. The whole point of governance institutions is to define rules that regulate how those conflicts are resolved.

The multistakeholder ideal holds up the false promise that there are no conflicts of interest, and that everyone has an incentive to cooperate, when in fact many groups in society have no incentive to cooperate, and even when they do, collective governance means that not everyone gets exactly what they want.

A blanket appeal to multistakeholder also ignores the problem of specialized expertise in the governance of technical systems. Not everyone has the time, resources and knowledge needed to pay attention to and constructively participate in every policy controversy that comes along. Not everyone has the expertise to contribute something of value to those conversations. By saying “everyone should be involved equally,” the multistakeholder ideal diverts attention from the difficult problem of defining the scope of governance and embodying an effective and just distribution of power in specific representational structures.

So where do we go from here? The first thing we need to do is recognize that what we have called the “multistakeholder model” is really governance by non-state actors. We then need to get a realistic about when and why we would want to do that.

I recently watched a workshop from a summit for ICANN’s contracted parties called “Geopolitical, Legislative, WSIS and Regulatory Developments.” In it, ICANN policy staff and its contracted registries and registrars met to discuss several incursions into the ICANN regime by national governments. The main objects of concern were the US and EU, to be exact.

In the US, there is a new Cybersecurity law forcing critical infrastructure providers to do incident reporting to our Cybersecurity and Infrastructure Security Agency (CISA). At first, the law would have applied to the IANA, the North American IP address registry, DNS root servers, registries and registrars. In line with its global governance mandate, ICANN correctly and admirably resisted classifying DNS and IP addresses as elements of U.S. critical infrastructure. It asked for an exemption. Apparently, DHS received the request favorably. There is also a new set of regulations by the U.S. Federal Communications Commission, ostensibly about net neutrality but also driven by national security fears about China. In the name of national security, the FCC is attempting to regulate the way ISPs do BGP routing. As part of this proceeding it declares that it has the authority to address threats to DNS. In this way, the US govt agency is attempting to pull global protocols heretofore governed by non-hierarchical networks of actors into US jurisdiction. This is coming from the same national government that gave us the FGEC and the IANA/ICANN transition of 2016.

Europe is making the same type of departures from global governance by nonstate actors, also motivated by security issues. In particular, NIS 2 is a set of rules that attempts to regulate root servers, registries and registrars.

Good on ICANN for opposing these moves. But if you look at how they are doing it, you find that they are invoking “the multistakeholder approach.” And that rhetoric clearly isn’t getting the same traction it used to get. What, in fact are they defending? Their argument for the multistakeholder approach has two prongs: First, they are saying the internet community already has mechanisms in place to solve the problem – in other words, we can govern ourselves. Second, they are saying we can’t have multiple national jurisdictions issuing rules for global identifiers, we need globalized institutions. In other words, implicit in both arguments is the idea that the so-called “multistakeholder approach” really means “global self-governance by non-state actors.”

When are we going to just say that, and stop hiding behind multistakeholder rhetoric?

As we confront the growing policy challenges of the digital world, we must defend the existing achievements of the Internet institutions. But we can only do this by identifying exactly what they are and why they are preferable to hierarchical state-based governance. Let’s openly recognize that they are alternatives to nation-state power. Let’s face the fact that assertions of sovereignty by 193 states in an integrated digital space leads to fragmentation, geopolitical conflict, and unproductive barriers to trade and communication. Let’s openly assert that in many specific governance contexts, especially those that benefit from global compatibility, interventions by states are unnecessary and counterproductive. Even when their interventions do give state actors more power or security, we need to explicitly recognize that giving states more power and security often involves taking power and security away from civil society and business.

Internet governance, or digital governance?

There’s another, even bigger reason why multistakeholder rhetoric rings hollow today. The big digital political economy issues of today go far beyond the governance of internet standards, names and numbers. The object of governance is now the entire digital ecosystem: a cybernetic system composed of globally interoperable networks, increasingly powerful computing devices, the buildup of gigantic stores of digitized data, and increasingly intelligent software and algorithms capable of automating analysis, decision making and the movement of physical objects. The Internet is just one component in this complex, distributed cybernetic system. A broad range of digital policy problems now calls for our attention. It includes everything from regulating self-driving vehicles, (and autonomous weapons), authenticating digital identities, moderating content, revising copyright laws (again), state-sponsored espionage and influence operations, privacy and cybersecurity, the digitization of money, classical issues of monopoly and competition, and more.

What does it mean to assert “the multistakeholder approach” for this digital ecosystem at this time? Insofar as it is meaningful at all, it points in two directions: either we attack new governance problems by forming new institutions led by non-state actors (as we did with ICANN and the DNS root 25 years ago) or that existing IG gov institutions should play a leading role in the solution to these major new problems.

Let’s consider the second option first. Can existing Internet institutions take on broader issues in the digital ecosystem? The answer is no.

Clearly, the existing IG institutions are not built to handle problems like content moderation on social media, the management of digital currencies, and liability for AI applications. The I*s are in no position to make decisions about trade restrictions on technologies deemed “strategic” or “protected,” data localization, transborder data flows. These policies arise from nation-state conflicts, and ICANN is not a vassal of one or any nation-states. ICANN bylaws prohibit it from regulating content. It is in no position to decide which content incites violence, and we don’t want to make the award of domain names the leverage point for regulating speech on the internet. The IETF and the RIRs are also in no position to make decisions about these things.

Another reason we don’t want the existing multistakeholder institutions to take on these problems is that such an enlarged scope would likely ruin the performance of their existing functions.

So, what about new institutions? It sounds lovely. But let’s not be naive about how difficult it is to do that. One of the main findings of my analysis of the ICANN transition is that forming completely new institutions, while exciting and idealistic, is also an arduous, treacherous process that is bound to provoke power struggles. There is a reason why there was a 16-year gap between the 1998 White Paper’s call for an end to U.S. control by September 30, 2000, and the time it happened in October 2016. ICANN was a mess for its first 12 years. Further, DNS governance posed a unique problem because domain names were new resources that national governments (with one exception) did not have authority over. Even so, the rise of ICANN provoked major power struggles with the system of state sovereignty.

Try forming a new institution where existing, powerful institutions already have entrenched authority, or want to have such authority. The conditions that must be met for a new global institution to be put into operation, and its authority recognized and legitimated, are very stringent. Frankly I laugh when I see the UN or the OECD or a group of public-spirited NGOs, think tanks, businesses and computer scientists calling for “global governance of artificial intelligence.” What is their point of leverage for governance? There is no centralized root zone, no Nash equilibrium on a globally consistent name space, that would bring all the actors involved in AI together with an interest in institutionalized cooperation. The interest groups involved in AI development and use – especially those involving nation-states and national security – are so divergent that it’s truly laughable to contemplate them all agreeing on a common institutional home, much less a common set of rules and policies.

What the future will look like

Let me conclude by telling a story about emergent governance activities that seems to me to indicate where things are headed. I will focus on a specific digital governance problem: content moderation or content governance. By that I mean attempts to monitor, control or regulate the messages on social media, web sites and messaging apps to respond to problems such as terroristic threats, incitements to violence, sexual harassment, state-directed influence operations, fact-checking false statements, and so on.

Content management in the global digital ecosystem poses a number of wicked governance problems. If we want to facilitate globalized platforms and social interactions, we cannot have each national government enforcing laws that apply only in their territory. Furthermore, we know that giving national governments arbitrary powers over online content are as likely to foster political censorship as they are to support public safety. We also know that the private sector operators of platforms have assumed much of the burden of content moderation, partly for self-interested reasons, partly in response to political pressure from governments and civil society. The platforms want users and their advertisers to feel comfortable on their service. Market choices play a role here; different platforms have different policies, and advertisers and users make decisions based on those differences, as we’ve seen with Elon Musk’s acquisition of Twitter.

We’ve seen the rise of an extensive, informal network of non-state actors doing fact-checking, assessing misinformation, reporting CSAM and so on. Some of them get government funding, some don’t. Just like the old spam fighters of the 1990s, they have given themselves authority over truth and reputation. Publishers of content and operators of platforms make their own choices about which fact-checkers to listen to. Sometimes they make wrong decisions, raising questions about redress and accountability. This is what we call non-hierarchical networked governance.

Given the massive scale and global scope of these messages, it is clear that no single, centralized content governance agency is likely to arise. And who would want that?

I’ve used content moderation, rather quickly and superficially, to illustrate a more general point about the future. We see non-hierarchical forms of networked governance, overlapping networks based on self-appointed actors, that sometimes draw upon hierarchical state power but mostly rely on reputation and cooperation. We see a diverse, decentralized regime in which choice in the market plays a big role, where binding rules play a role, where some voluntary standards achieve universal compliance because of network effects. There will be areas where we want hierarchical state power to come in: to prosecute violent criminals, to track down and disable ransomware gangs, to deter commercial fraud and abuses of private data. But we will also need to keep state power carefully in check, because state actors are one of the most prominent sources of censorship, cybercrime, disinformation, sabotage and espionage. For this, the absence of centralized hierarchical authority is crucial for the power to govern ourselves.

Am I describing multistakeholderism? Some may want to call it that, but I wouldn’t, because appeals to “the multistakeholder approach” don’t tell us anything useful about how to scope or implement governance across these different areas of the digital ecosystem.

Give credit where credit is due: from 2004 to 2016, multistakeholder rhetoric helped to undermine the monopoly of nation-states on digital governance. For that, we owe it a nice, passionate good-bye kiss. But we do need to say goodbye. Ten years on, multistakeholder rhetoric is no longer an effective mobilizing trope. It does not tell us what to govern, what not to govern, or how to govern. And it avoids naming the key difference between Internet community self-governance and traditional governance by states.

By urging us to shed multistakeholder rhetoric, I do not mean to be negative or discouraging, though I know many will interpret it that way. Instead, I intend to clear our vision so that we can be free to develop new forms of governance that respond to the actual problems we have. It reminds me of a Chinese saying, “inherit the past and pioneer the future.” Moving beyond multistakeholder rhetoric paves the way for a more innovative and forward-looking digital governance.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.